{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,30]],"date-time":"2025-12-30T11:19:46Z","timestamp":1767093586219,"version":"build-2065373602"},"reference-count":49,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2023,2,12]],"date-time":"2023-02-12T00:00:00Z","timestamp":1676160000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Norwegian University of Science and Technology (NTNU)"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Low-power wide area network (LPWAN) technologies such as IQRF are becoming increasingly popular for a variety of Internet of Things (IoT) applications, including smart cities, industrial control, and home automation. However, LPWANs are vulnerable to cyber attacks that can disrupt the normal operation of the network or compromise sensitive information. Therefore, analyzing cybersecurity risks before deploying an LPWAN is essential, as it helps identify potential vulnerabilities and threats as well as allowing for proactive measures to be taken to secure the network and protect against potential attacks. In this paper, a security risk analysis of IQRF technology is conducted utilizing the failure mode effects analysis (FMEA) method. The results of this study indicate that the highest risk corresponds to four failure modes, namely compromised end nodes, a compromised coordinator, a compromised gateway and a compromised communication between nodes. Moreover, through this methodology, a qualitative risk evaluation is performed to identify potential security threats in the IQRF network and propose countermeasures to mitigate the risk of cyber attacks on IQRF networks.<\/jats:p>","DOI":"10.3390\/s23042078","type":"journal-article","created":{"date-parts":[[2023,2,13]],"date-time":"2023-02-13T02:14:11Z","timestamp":1676254451000},"page":"2078","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["LPWAN Cyber Security Risk Analysis: Building a Secure IQRF Solution"],"prefix":"10.3390","volume":"23","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4858-7360","authenticated-orcid":false,"given":"Mohammed","family":"Bouzidi","sequence":"first","affiliation":[{"name":"Department of Electronic Systems, Norwegian University of Science and Technology, 2821 Gj\u00f8vik, Norway"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3390-0772","authenticated-orcid":false,"given":"Ahmed","family":"Amro","sequence":"additional","affiliation":[{"name":"Department of Information Security and Communication Technology, Norwegian University of Science and Technology, 2821 Gj\u00f8vik, Norway"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9459-0042","authenticated-orcid":false,"given":"Yaser","family":"Dalveren","sequence":"additional","affiliation":[{"name":"Department of Electrical and Electronics Engineering, Atilim University, Incek Golbasi, 06830 Ankara, Turkey"}]},{"given":"Faouzi","family":"Alaya Cheikh","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Norwegian University of Science and Technology, 2821 Gj\u00f8vik, Norway"}]},{"given":"Mohammad","family":"Derawi","sequence":"additional","affiliation":[{"name":"Department of Electronic Systems, Norwegian University of Science and Technology, 2821 Gj\u00f8vik, Norway"}]}],"member":"1968","published-online":{"date-parts":[[2023,2,12]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Masadeh, R., AlSaaidah, B., Masadeh, E., Al-Hadidi, M.R., and Almomani, O. (2022). Elastic Hop Count Trickle Timer Algorithm in Internet of Things. Sustainability, 14.","DOI":"10.3390\/su141912417"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1109\/MCOM.2017.1600514","article-title":"Internet-of-Things-based smart cities: Recent advances and challenges","volume":"55","author":"Mehmood","year":"2017","journal-title":"IEEE Commun. Mag."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Adefemi Alimi, K.O., Ouahada, K., Abu-Mahfouz, A.M., and Rimer, S. (2020). A survey on the security of low power wide area networks: Threats, challenges, and potential solutions. Sensors, 20.","DOI":"10.3390\/s20205800"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Chaudhari, B.S., Zennaro, M., and Borkar, S. (2020). LPWAN technologies: Emerging application characteristics, requirements, and design considerations. Future Internet, 12.","DOI":"10.3390\/fi12030046"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Poursafar, N., Alahi, M.E.E., and Mukhopadhyay, S. (2017, January 4\u20136). Long-range wireless technologies for IoT applications: A review. Proceedings of the 2017 Eleventh International Conference on Sensing Technology (ICST), Sydney, Australia.","DOI":"10.1109\/ICSensT.2017.8304507"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"56615","DOI":"10.1109\/ACCESS.2020.2982558","article-title":"Use of the IQRF technology in Internet-of-Things-based smart cities","volume":"8","author":"Bouzidi","year":"2020","journal-title":"IEEE Access"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Bouzidi, M., Gupta, N., Dalveren, Y., Mohamed, M., Alaya Cheikh, F., and Derawi, M. (2022). Indoor Propagation Analysis of IQRF Technology for Smart Building Applications. Electronics, 11.","DOI":"10.3390\/electronics11233972"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"72","DOI":"10.5755\/j01.eie.25.2.22739","article-title":"Development of IQRF technology: Analysis, simulations and experimental measurements","volume":"25","author":"Fujdiak","year":"2019","journal-title":"Elektron. Ir Elektrotechnika"},{"key":"ref_9","unstructured":"Zafar, R.B. (2018). Real-Life Experiments Based on IQRF IoT Testbed: From Sensors to Cloud. [Master\u2019s Thesis, University of Agder]."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Bouzidi, M., Mohamed, M., Dalveren, Y., Moldsvor, A., Cheikh, F.A., and Derawi, M. (2022). Propagation Measurements for IQRF Network in an Urban Environment. Sensors, 22.","DOI":"10.3390\/s22187012"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"27","DOI":"10.7236\/IJASC.2016.5.3.27","article-title":"IoT industry & security technology trends","volume":"5","author":"Park","year":"2016","journal-title":"Int. J. Adv. Smart Converg."},{"key":"ref_12","unstructured":"Gu, X., and Zhang, Z. (2021). Introduction to Internet of Things in Management Science and Operations Research, Springer."},{"key":"ref_13","first-page":"1","article-title":"Device Identification and Personal Data Attestation in Networks","volume":"9","author":"Gritti","year":"2018","journal-title":"J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"012027","DOI":"10.1088\/1757-899X\/396\/1\/012027","article-title":"Security mechanisms and Vulnerabilities in LPWAN","volume":"396","author":"Chacko","year":"2018","journal-title":"IOP Conf. Ser. Mater. Sci. Eng."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1109\/MITP.2017.3680959","article-title":"Security risk assessment in internet of things systems","volume":"19","author":"Nurse","year":"2017","journal-title":"IT Prof."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"101362","DOI":"10.1109\/ACCESS.2022.3207472","article-title":"A Novel Architectural Framework on IoT Ecosystem, Security Aspects and Mechanisms: A Comprehensive Survey","volume":"10","author":"Bouzidi","year":"2022","journal-title":"IEEE Access"},{"key":"ref_17","unstructured":"(2018). Failure Modes and Effects Analysis (FMEA and FMECA) (Standard No. IEC 60812: 2018)."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"29","DOI":"10.1016\/j.cosrev.2015.03.001","article-title":"Fault tree analysis: A survey of the state-of-the-art in modeling, analysis and tools","volume":"15\u201316","author":"Ruijters","year":"2015","journal-title":"Comput. Sci. Rev."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"86","DOI":"10.1111\/j.1539-6924.2010.01475.x","article-title":"Fault and Event Tree Analyses for Process Systems Risk Analysis: Uncertainty Handling Formulations","volume":"31","author":"Ferdous","year":"2011","journal-title":"Risk Anal."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"52","DOI":"10.1016\/j.jsm.2019.01.001","article-title":"Analysis and evaluation of risks in underground mining using the decision matrix risk-assessment (DMRA) technique, in Guanajuato, Mexico","volume":"18","year":"2019","journal-title":"J. Sustain. Min."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"668","DOI":"10.1016\/j.ssci.2008.09.005","article-title":"The weighted risk analysis","volume":"47","author":"Suddle","year":"2009","journal-title":"Saf. Sci."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Jan, N., Nasir, A., Alhilal, M., Khan, S., Pamucar, D., and Alothaim, A. (2021). Investigation of Cyber-Security and Cyber-Crimes in Oil and Gas Sectors Using the Innovative Structures of Complex Intuitionistic Fuzzy Relations. Entropy, 23.","DOI":"10.3390\/e23091112"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"5485","DOI":"10.1002\/rnc.6097","article-title":"Distributed filtering for nonlinear systems under Dempster\u2013Shafer theory subject to malicious cyber attacks","volume":"32","author":"Wang","year":"2022","journal-title":"Int. J. Robust Nonlinear Control"},{"key":"ref_24","first-page":"127","article-title":"A game theoretic approach to cyber security risk management","volume":"15","author":"Musman","year":"2018","journal-title":"J. Def. Model. Simul.-Appl. Methodol. Technol.-JDMS"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"216","DOI":"10.1109\/MNET.2018.1800279","article-title":"Cyber security game for intelligent transportation systems","volume":"33","author":"Sedjelmaci","year":"2019","journal-title":"IEEE Netw."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Ali, B., and Awad, A.I. (2018). Cyber and physical security vulnerability assessment for IoT-based smart homes. Sensors, 18.","DOI":"10.3390\/s18030817"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Oliveira, J., Carvalho, G., Cabral, B., and Bernardino, J. (2020). Failure mode and effect analysis for cyber-physical systems. Future Internet, 12.","DOI":"10.3390\/fi12110205"},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"8","DOI":"10.1186\/s13635-020-00111-0","article-title":"IoT cyber risk: A holistic analysis of cyber risk assessment frameworks, risk vectors, and risk ranking process","volume":"2020","author":"Kandasamy","year":"2020","journal-title":"EURASIP J. Inf. Secur."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Haseeb, J., Mansoori, M., and Welch, I. (2021, January 4\u20137). Failure Modes and Effects Analysis (FMEA) of Honeypot-Based Cybersecurity Experiment for IoT. Proceedings of the 2021 IEEE 46th Conference on Local Computer Networks (LCN), Edmonton, AB, Canada.","DOI":"10.1109\/LCN52139.2021.9525010"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"2491","DOI":"10.3233\/JIFS-172097","article-title":"Assessing information security risk for an evolving smart city based on fuzzy and grey FMEA","volume":"34","author":"Li","year":"2018","journal-title":"J. Intell. Fuzzy Syst."},{"key":"ref_31","unstructured":"Mock, R.G., Lopez de Obeso, L., Zipper, C., and Sch\u00f6nenberger, M. (2016, January 25\u201329). Resilience assessment of internet of things: A case study on smart buildings. Proceedings of the 26th European Safety and Reliability Conference (ESREL 2016), Glasgow, UK."},{"key":"ref_32","unstructured":"Stamatis, D.H. (2003). Failure Mode and Effect Analysis: FMEA from Theory to Execution, Quality Press."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Amro, A., Gkioulos, V., Katsikas, S., and Assessing Cyber Risk in Cyber-Physical Systems Using the ATT&CK Framework (2022, February 16). Submitted for Review to ACM Transactions on Privacy and Security (TOPS). Available online: https:\/\/www.researchgate.net\/publication\/355203975.","DOI":"10.1145\/3571733"},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"135723","DOI":"10.1109\/ACCESS.2021.3117703","article-title":"Fuzzy FMECA Process Analysis for Managing the Risks in the Lifecycle of a CBCT Scanner","volume":"9","author":"Iadanza","year":"2021","journal-title":"IEEE Access"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Ben-Daya, M. (2009). Handbook of Maintenance Management and Engineering, Springer.","DOI":"10.1007\/978-1-84882-472-0"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Sulc, V., Kuchta, R., and Vrba, R. (2009, January 18\u201323). IQMESH implementation in IQRF wireless communication platform. Proceedings of the 2009 Second International Conference on Advances in Mesh Networks, Athens, Greece.","DOI":"10.1109\/MESH.2009.18"},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Pongaliur, K., and Xiao, L. (2011, January 10\u201315). Maintaining source privacy under eavesdropping and node compromise attacks. Proceedings of the 2011 Proceedings IEEE INFOCOM, Shanghai, China.","DOI":"10.1109\/INFCOM.2011.5934959"},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Olawumi, O., Haataja, K., Asikainen, M., Vidgren, N., and Toivanen, P. (2014, January 14\u201316). Three practical attacks against ZigBee security: Attack scenario definitions, practical experiments, countermeasures, and lessons learned. Proceedings of the 2014 14th International Conference on Hybrid Intelligent Systems, Kuwait, Kuwait.","DOI":"10.1109\/HIS.2014.7086198"},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"1035","DOI":"10.11591\/eei.v10i2.2741","article-title":"Rasefiberry: Secure and efficient Raspberry-Pi based gateway for smarthome IoT architecture","volume":"10","author":"Simadiputra","year":"2021","journal-title":"Bull. Electr. Eng. Inform."},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Lakshminarayana, S., Karachiwala, J.S., Chang, S.Y., Revadigar, G., Kumar, S.L.S., Yau, D.K., and Hu, Y.C. (2018, January 18\u201320). Signal jamming attacks against communication-based train control: Attack impact and countermeasure. Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks, Stockholm, Sweden.","DOI":"10.1145\/3212480.3212500"},{"key":"ref_41","unstructured":"IQRF (2022). IQRF OS User\u2019s Guide [Online], IQRF."},{"key":"ref_42","unstructured":"Dworkin, M.J., Barker, E.B., Nechvatal, J.R., Foti, J., Bassham, L.E., Roback, E., and Dray, J.F. (2001). Advanced Encryption Standard (AES), National Institute of Standards and Technology."},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"295","DOI":"10.1016\/j.ifacol.2018.07.169","article-title":"Use of the IQRF and Node-RED technology for control and visualization in an IQMESH network","volume":"51","author":"Skovranek","year":"2018","journal-title":"IFAC-PapersOnLine"},{"key":"ref_44","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/s40887-018-0025-1","article-title":"Strengthening information technology security through the failure modes and effects analysis approach","volume":"4","author":"Asllani","year":"2018","journal-title":"Int. J. Qual. Innov."},{"key":"ref_45","first-page":"1","article-title":"Identification of Attacks against Wireless Sensor Networks Based on Behaviour Analysis","volume":"10","author":"Korzhuk","year":"2019","journal-title":"J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl."},{"key":"ref_46","doi-asserted-by":"crossref","unstructured":"Butun, I., Pereira, N., and Gidlund, M. (2018). Security risk analysis of LoRaWAN and future directions. Future Internet, 11.","DOI":"10.3390\/fi11010003"},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"54631","DOI":"10.1109\/ACCESS.2020.2978100","article-title":"Secure session key generation method for LoRaWAN servers","volume":"8","author":"Tsai","year":"2020","journal-title":"IEEE Access"},{"key":"ref_48","first-page":"371","article-title":"Effective key management in dynamic wireless sensor networks","volume":"10","author":"Seo","year":"2014","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_49","unstructured":"CSDI SA (1998). An Attack on CRC-32 Integrity Checks of Encrypted Channels Using CBC and CFB Modes, Core Security."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/23\/4\/2078\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T18:32:45Z","timestamp":1760121165000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/23\/4\/2078"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,2,12]]},"references-count":49,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2023,2]]}},"alternative-id":["s23042078"],"URL":"https:\/\/doi.org\/10.3390\/s23042078","relation":{},"ISSN":["1424-8220"],"issn-type":[{"type":"electronic","value":"1424-8220"}],"subject":[],"published":{"date-parts":[[2023,2,12]]}}}